dockercfg-config: Detect .dockercfg

日期: 2025-09-01 | 影响软件: dockercfg-config | POC: 已公开

漏洞描述

Docker registry authentication data

PoC代码[已公开]

id: dockercfg-config

info:
    name: Detect .dockercfg
    author: geeknik
    severity: high
    description: Docker registry authentication data

rules:
    r0:
        request:
            method: GET
            path: /.dockercfg
        expression: response.status == 200 && response.content_type.contains("text/plain") && response.body.bcontains(b'"email":') && response.body.bcontains(b'"auth":') 
    r1:
        request:
            method: GET
            path: /.docker/config.json
        expression: response.status == 200 && response.content_type.contains("text/plain") && response.body.bcontains(b'"email":') && response.body.bcontains(b'"auth":') 
expression: r0() && r1()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/dockercfg-config.yaml

相关漏洞推荐